With a bug as dangerous as the “shellshock” security vulnerability discovered yesterday, it takes less than 24 hours to go from proof-of-concept to pandemic.
As of Thursday, multiple attacks were already taking advantage of that vulnerability, a long-standing but undiscovered bug in the Linux and Mac tool Bash that makes it possible for hackers to trick Web servers into running any commands that follow a carefully crafted series of characters in an HTTP request.

As a young man, Kevin Mitnick became the world’s most notorious black hat hacker, breaking into the networks of companies like IBM, Nokia, Motorola, and other targets. After a stint in prison, he reinvented himself as a white hat hacker, selling his skills as a penetration tester and security consultant.

The flaw involves how Bash evaluates environment variables. With specifically crafted variables, a hacker could use this hole to execute shell commands. This, in turn, could render a server vulnerable to ever greater assaults.

The Target and Home Depot breaches should've been wake-up calls. Instead, the bad guys remain free to wreak havoc everywhere. Last week I noted that most companies are either already hacked or could easily be hacked -- and, when they have anything worth stealing, are probably already owned by multiple APT (advanced persistent threat) groups.

It is clear why malware writers target such retailers as Home Depot and Target. It is obvious, if not pathetic, why hackers break into the cloud to find and publish private nude photos of celebrities.
But a company’s customer relationship management data? Well, yes.

Plain-text passwords and account names linked to five million Gmail accounts have been leaked onto several Russian forums.
Security experts had already confirmed the data seemed legit, albeit approximately three years old, before Google put up its blog post on the subject.

Twitter is one of my favorite social platforms. As a journalist, I get news from it, but I also get to interact with my peers and friends. But Twitter, like every other social platform, has an interesting attack surface; one that criminals have been exploiting for years.